Grand Canyon Vault, LLC.  (USA)
Offsite Backup Solutions for Windows Servers and Desktops

Security Features Protect Data

With GCV Backup, you will be able to backup and restore your data without unnecessarily exposing your data to further security risks.

When you connect your office with the Internet, you open up the perimeter of your network and are exposed to a world of security risks.  GCV Backup was designed with your security issues in mind.

  • Data is encrypted at the Data Repository.
    Choose between two different encryption levels:  56-bit Blowfish or 256-bit AES.  GCV Backup will encrypt backup data at the Client before sending it over your network to the Data Repository.  This protects your data from "line sniffers" – hackers who use tools to listen and watch your network activity.  Additionally, the files are stored at the Data Repository in this encrypted format to prevent hackers from reading files directly from your Data Repository.
  • Filenames are obscured (scrambled) when stored at the Data Repository.
    GCV Backup stores the backup files under an encoded filename to prevent unauthorized people from learning information from the actual filenames.  For example, a file named "Payroll.xls" draws unnecessary attention because of its descriptive nature.  In the repository, the Payroll file may be called "affe2000004c8-00000000000001c1-c171eff1.1".  Thus encoded, the file does not stand out.
  • Restoration commands cannot be performed at the Data Repository.
    The GCV Backup cannot perform restorations of client data from the Data Repository Manager. This feature prevents people who are authorized to administer the Data Repository from reading (or perhaps distributing) files that reside on the Data Repository computer.  Only the person who performed the backup can restore the data using their user account name and password.  We encourage users to change their Client account password after logging into the Data Repository for the first time to protect the privacy of their account information.
  • Backup Clients do not open any ports and do not accept connections from your network.
    It is important that when you install new applications, you know if they are opening up your computer’s ability to accept connections from outsiders.  When applications open up a port they are exposing your computer to unauthorized connections through your network (and to outsiders should your network have Internet access).  Hackers commonly use automated tools to port-scan computers for these vulnerabilities.  When hackers use a port-scanning tool, they can find and exploit open ports to gain access to your data and use your computer for their vices. GCV Backup Clients do not open any ports to communicate with the Data Repository.
  • Backup Clients do not broadcast their existence over your network.
    GCV Backup Clients do not broadcast any information about themselves over your network.  The Client will only connect with the Data Repository that you tell it to communicate with.  Since the Client does not accept connections, a hacker cannot gain access to your backup data through the Client software.

    Some client/server backup products require their backup clients to broadcast their existence, user name and password to the network and the Internet.  This exposes users to hackers who can connect to the client, gather data about them, and use this information to trick the client into sending it's backup data from their computer to the hacker.
  • Advantages of running the Data Repository on Windows 2008 / 2003 / Vista / XP / 2000 or NT.
    When possible, you can benefit from the additional security measures offered by Windows when you run the Data Repository as a Service.  Services automatically run or startup when the computer is turned on, and you do not need to login to the computer for the Services to run.  Because you do not need to login, you can leave the computer unattended knowing that unauthorized users cannot gain access to this computer while you are away.
  • User account passwords are not transmitted over your network with each backup or restore.
    GCV Backup does not send the Clients’ passwords over your network.  To prevent sending the password over the network, the Data Repository requires you to create the Client account before the Client can login.  Both the Data Repository and the Client require you to enter the appropriate Client name and password information separately.  GCV Backup validates the password by using the password to operate on a token that is passed between them to avoid exposing any of your Clients’ passwords should a hacker use a line sniffer on your network or through the Internet.
  • Outsiders cannot hijack your data.
    GCV Backup operates according to a Client-initiated backup.  Only the Client can start a backup or submit restoration requests.  Because GCV Backup operates in this manner, a hacker cannot trick a GCV Backup Client into sending the hacker any of its files.

    Some client/server based backup products control the backups from a central server, meaning that anyone who is on the network with these Clients, including the Internet, can use the Client software to request your files.  They do this by impersonating the backup server, and then they use the Client backup software as a hacker’s agent to pull the client files from your computer and deliver them to the hacker.
  • The Data Repository Manager watches for unauthorized activity and hacker tricks.
    GCV Backupwatches for activity on it’s open port that is typical of hacker trick: syn flooding, misbuilt packets, over-sized packets, etc.  All client-server products require an open port over which to communicate.  However, GCV Backup only allows the Data Repository to open the port and watches it while it is open.  This should not prevent you from putting further protective measures into place on this open port.  We strongly suggest that you install a firewall and any other security products you wish to fortify your network.